nessusTenable9316.PASL
History: May 24, 2016 - 12:00 a.m.

Apache Tomcat 6.0.x < 6.0.45 / 7.0.x < 7.0.68 / 8.0.x < 8.0.30 Directory Traversal

2016-05-24 00:00:00
Tenable
www.tenable.com

CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3: 5.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS: 0.005
Percentile: 77.1%

According to its self-reported version number, the Apache Tomcat instance listening on the remote host is 6.0.x prior to 6.0.45, 7.0.x prior to 7.0.68, or 8.0.x prior to 8.0.30. It is, therefore, affected by an information disclosure vulnerability:

  • An information disclosure vulnerability exists due to a failure to enforce access restrictions when handling directory requests that are missing trailing slashes. An unauthenticated, remote attacker can exploit this to enumerate valid directories. (CVE-2015-5345)

Note that Nessus Network Monitor has not tested for these issues but has instead relied only on the application’s self-reported version number.
